AI Security Review
scanned 2h ago · by lpm-firewall-aiReview flagged AI-agent configuration or capability changes. This remains warn-only unless evidence shows foreign-agent hijack through preinstall/install/postinstall, hidden persistence, exfiltration, remote code execution, or other concrete malicious behavior.
Decision evidence
public snapshot- `dist/connection.js` accepts relay messages for terminal, file, Git, and tunnel operations.
- `dist/terminal.js` opens a local PTY and forwards remote input to its shell.
- `dist/copilot.js` invokes Copilot with `--allow-all` and `--no-ask-user`.
- `dist/service.js` creates boot-persistent services only through `service install`.
- `dist/cli.js` downloads and globally installs upgrades only through explicit `upgrade` commands.
- `package.json` has no preinstall, install, or postinstall hook.
- `README.md` documents the relay/remote-control behavior and explicit service and upgrade commands.
- `dist/emergency-upgrade.js` restricts emergency artifacts to the package name, allowed origin/path, size, and integrity checks.
Source & flagged code
6 flagged · loading sourcePackage source references weak cryptographic algorithms.
dist/emergency-upgrade.jsView on unpkg · L4Source writes installer persistence such as shell profile or service configuration.
dist/service.jsView on unpkg · L1This package version adds a dangerous source file absent from the previous stored version; route for source-aware review.
dist/cli.jsView on unpkgPackage source invokes a package manager install command at runtime.
dist/cli.jsView on unpkg · L741